package com.dongwu.config.security;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.dongwu.security.service.impl.CustomUserDetailsService;
import com.dongwu.security.service.impl.LoginSuccessHandler;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)  
@EnableConfigurationProperties(SecuritySettings.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private SecuritySettings settings;
	
    @Autowired
    private CustomUserDetailsService customUserDetailsService;
    
    @Autowired
    private AuthenticationManager authenticationManager;
    
    @Autowired @Qualifier("dataSource")
    private DataSource dataSource;
    
    
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin().loginPage("/login").failureUrl("/login-error").permitAll().successHandler(loginSuccessHandler())
				.and().authorizeRequests()
				.antMatchers("/css/**", "/images/**","/ueditor/**", "/js/**", "/demo/**").permitAll()
				.antMatchers(settings.getPermitall().split(",")).permitAll()
				.anyRequest().authenticated()
				.and().logout().logoutSuccessUrl(settings.getLogoutsuccssurl())
                .and().exceptionHandling().accessDeniedPage(settings.getDeniedpage())
                .and().csrf().disable();
		http.headers()
                .frameOptions().sameOrigin()
				.httpStrictTransportSecurity().disable();
		
		
	}

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
//        //remember me
//        auth.eraseCredentials(false);
    }
    
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
    @Bean
    public LoginSuccessHandler loginSuccessHandler(){
        return new LoginSuccessHandler();
    }

    @Bean
    public CustomFilterSecurityInterceptor customFilter() throws Exception{
        CustomFilterSecurityInterceptor customFilter = new CustomFilterSecurityInterceptor();
        customFilter.setSecurityMetadataSource(securityMetadataSource());
        customFilter.setAccessDecisionManager(accessDecisionManager());
        customFilter.setAuthenticationManager(authenticationManager);
        return customFilter;
    }

    @Bean
    public CustomAccessDecisionManager accessDecisionManager() {
        return new CustomAccessDecisionManager();
    }

    @Bean
    public CustomSecurityMetadataSource securityMetadataSource() {
        return new CustomSecurityMetadataSource(settings.getUrlroles());
    }
}
